To overcome the need for investigators to travel far and wide to gather evidence from infected computers after a cyberattack, a Kaspersky Lab expert has developed a software tool that can remotely collect vital data without risk of its contamination or loss.

Vitaly Kamluk, director at Global Research and Analysis Team (GReAT) of Kaspersky Lab Asia Pacific, presents his new free software called BitScout during the company’s Paleontology of Cybersecurity Conference last week in Suntec City, Singapore

Named BitScout, the tool can perform remote forensic investigation of live systems and has been made freely available for all investigators to use.

In most cyberattacks, legitimate owners of compromised systems fall victim to unidentified perpetrators. Victims usually agree to cooperate and help security researchers find the infection vector or other details about the attackers.

However, it is a longstanding concern among forensic researchers that the need to travel long distances to collect crucial evidence such as malware samples from infected computers can result in expensive and delayed investigations.

The longer it takes for an attack to be understood, the longer it is before users are protected and perpetrators identified. However, the alternatives have either involved expensive tools and a knowledge of how to operate them, or the risk of contaminating or losing evidence by moving it between computers.

To solve the problem, Vitaly Kamluk, director of Kaspersky Lab’s Global Research and Analysis Team in Asia Pacific (APAC), has created an open-source digital tool that can remotely collect key forensic materials, acquire full disk images via the network or locally attached storage, or simply remotely assist in malware incident handling.

Evidence data can be viewed and analyzed remotely or locally while the source data storage remains intact through reliable container-based isolation.

“The need to analyze security incidents as efficiently and swiftly as possible is increasingly important, as adversaries grow ever more advanced and stealthy. But speed at all costs is not the answer either – we need to ensure evidence is untainted so that investigations are trusted and results can be qualified for use in court if required. I couldn’t find a tool that allowed us to achieve all of this, freely and easily – so I decided to build one,” said Kamluk.

BitScout can be adjusted to the particular needs of an investigator, and improved and upgraded with additional features and custom software.

Most importantly it comes free of charge, based on open-source solutions and is fully transparent: instead of relying on third-party tools with proprietary code, experts can use the Bitscout open-source code to build their own swiss-army knife for digital forensics.

Newsbytes.ph is guided by this principle: If there’s an IT news that needs to be known by the public, we have the duty to report it — no matter what or who is involved. This is our contract with our readers. READ MORE

Subscribe

You can subscribe to Newsbytes.ph by e-mail to receive news and updates directly in your inbox for FREE. Simply enter your e-mail below and click Sign Up.